/
mssql.rb
152 lines (122 loc) · 3.29 KB
/
mssql.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
# -*- coding:binary -*-
require 'rex/post/mssql'
class Msf::Sessions::MSSQL
include Msf::Session::Basic
include Msf::Sessions::Scriptable
# @return [Rex::Post::MSSQL::Ui::Console] The interactive console
attr_accessor :console
# @return [MSSQL::Client] The MSSQL client
attr_accessor :client
attr_accessor :platform, :arch
attr_accessor :address, :port
attr_reader :framework
def initialize(rstream, opts = {})
@client = opts.fetch(:client)
self.console = Rex::Post::MSSQL::Ui::Console.new(self, opts)
super(rstream, opts)
end
def bootstrap(datastore = {}, handler = nil)
session = self
session.init_ui(user_input, user_output)
@info = "MSSQL #{datastore['USERNAME']} @ #{@peer_info}"
end
def execute_file(full_path, args)
if File.extname(full_path) == '.rb'
Rex::Script::Shell.new(self, full_path).run(args)
else
console.load_resource(full_path)
end
end
def process_autoruns(datastore)
['InitialAutoRunScript', 'AutoRunScript'].each do |key|
next if datastore[key].nil? || datastore[key].empty?
args = Shellwords.shellwords(datastore[key])
print_status("Session ID #{session.sid} (#{session.tunnel_to_s}) processing #{key} '#{datastore[key]}'")
session.execute_script(args.shift, *args)
end
end
def rhost
self.address
end
def rport
self.port
end
def type
self.class.type
end
# Returns the type of session.
#
def self.type
'MSSQL'
end
def self.can_cleanup_files
false
end
#
# Returns the session description.
#
def desc
'MSSQL'
end
def address
return @address if @address
@address, @port = client.sock.peerinfo.split(':')
@address
end
def port
return @port if @port
@address, @port = client.sock.peerinfo.split(':')
@port
end
##
# :category: Msf::Session::Interactive implementors
#
# Initializes the console's I/O handles.
#
def init_ui(input, output)
self.user_input = input
self.user_output = output
console.init_ui(input, output)
console.set_log_source(log_source)
super
end
##
# :category: Msf::Session::Interactive implementors
#
# Resets the console's I/O handles.
#
def reset_ui
console.unset_log_source
console.reset_ui
end
def exit
console.stop
end
##
# :category: Msf::Session::Interactive implementors
#
# Override the basic session interaction to use shell_read and
# shell_write instead of operating on rstream directly.
def _interact
framework.events.on_session_interact(self)
framework.history_manager.with_context(name: type.to_sym) do
_interact_stream
end
end
##
# :category: Msf::Session::Interactive implementors
#
def _interact_stream
framework.events.on_session_interact(self)
console.framework = framework
# Call the console interaction of the MSSQL client and
# pass it a block that returns whether or not we should still be
# interacting. This will allow the shell to abort if interaction is
# canceled.
console.interact { interacting != true }
console.framework = nil
# If the stop flag has been set, then that means the user exited. Raise
# the EOFError so we can drop this handle like a bad habit.
raise EOFError if (console.stopped? == true)
end
end